NYC

raindrop-api

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill enables the agent to ingest untrusted data (highlights from arbitrary web pages) and provides capabilities with high-impact side effects (collection sharing and collaborator management).
      • Ingestion points: references/highlights.md describes endpoints for retrieving text content from bookmarks.
      • Boundary markers: No instructions for delimiting or ignoring instructions within highlights are provided.
      • Capability inventory: Sensitive API operations including POST /sharing (invite collaborators) and PUT /raindrop (modify bookmarks).
      • Sanitization: No sanitization or validation of highlight content is mentioned, allowing embedded instructions to potentially influence the agent's logic.
  • Data Exposure & Exfiltration (LOW): The skill documentation includes network operations to api.raindrop.io. While this is the official API, the domain is not on the predefined trust whitelist.
  • Command Execution (LOW): The skill provides bash command templates using curl and jq for API interaction. While these are documentation examples, they represent the execution of shell commands based on external documentation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:22 AM